[Snort-users] How to resolve flowbit dependencies using Pulled Pork?

Joel Esler (jesler) jesler at ...589...
Thu Mar 12 19:07:14 EDT 2015


Pulledpork should handle this automatically.

However, we haven’t had an “http.rtf” flowbit in about two years.  So, I am not sure what ruleset you are downloading, but it’s not the current one.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group

On Mar 11, 2015, at 6:12 PM, Andrew Shagayev <drewshg at ...11827...> wrote:

Hi Guys!

When starting Snort, I am getting a bunch of warnings:

Warning: flowbits key 'http.rtf' is set but not ever checked.

Please, could anyone help me address this?
I know it can be done with pulledpork, but could you show a command example which does this?

Thank you!

--
A.S.
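
The warning quoted in this thread means that an enabled rule sets a flowbit which no enabled rule tests. As an added example (not part of the original thread, and not PulledPork's or Snort's own code), this Python script audits rule text for that condition and for the reverse one, a bit that is checked but never set; the sample rules, their SIDs and the function name `audit_flowbits` are constructed for illustration, and each rule is assumed to sit on one line.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from any real ruleset); '#' marks a disabled rule.
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"constructed: RTF file request"; flowbits:set,http.rtf; flowbits:noalert; sid:1000001;)
alert tcp any any -> any 80 (msg:"constructed: PDF file request"; flowbits:set,file.pdf; flowbits:noalert; sid:1000002;)
alert tcp any 80 -> any any (msg:"constructed: PDF check"; flowbits:isset,file.pdf; sid:1000003;)
# alert tcp any 80 -> any any (msg:"constructed: disabled RTF check"; flowbits:isset,http.rtf; sid:1000004;)
alert tcp any 80 -> any any (msg:"constructed: orphan check"; flowbits:isset,file.ole; sid:1000005;)
"""

# Captures the flowbits operation and its first argument (the bit name or names).
FLOWBITS = re.compile(r"flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;,]+))?", re.I)
SID = re.compile(r"\bsid\s*:\s*(\d+)")
SETTERS = {"set", "setx", "toggle"}
CHECKERS = {"isset", "isnotset"}

def audit_flowbits(rules_text):
    """Return (set_but_never_checked, checked_but_never_set) as {bit: [sids]}."""
    setters, checkers = defaultdict(list), defaultdict(list)
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # skip blanks and disabled rules
            continue
        m = SID.search(line)
        sid = int(m.group(1)) if m else None
        for op, names in FLOWBITS.findall(line):
            op = op.lower()
            # Snort allows several bits in one option: a&b (set) or a|b (check)
            for bit in filter(None, (n.strip() for n in re.split(r"[&|]", names))):
                if op in SETTERS:
                    setters[bit].append(sid)
                elif op in CHECKERS:
                    checkers[bit].append(sid)
    unchecked = {b: s for b, s in setters.items() if b not in checkers}
    unset = {b: s for b, s in checkers.items() if b not in setters}
    return unchecked, unset

if __name__ == "__main__":
    unchecked, unset = audit_flowbits(SAMPLE_RULES)
    for bit, sids in sorted(unchecked.items()):
        print(f"flowbits key '{bit}' is set but never checked (set by sid {sids})")
    for bit, sids in sorted(unset.items()):
        print(f"flowbits key '{bit}' is checked but never set (checked by sid {sids})")
```

In the constructed sample, `http.rtf` is reported because its only checking rule is commented out, which is the situation the warning describes.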